Cross-browser safe and fast HTML sanitizer

EscapeHtml.js

// Use the browser's built-in functionality to quickly and safely escape the string
function escapeHtml(str)
{
  var div = document.createElement('div')
  div.appendChild(document.createTextNode(str))
  return div.innerHTML
}

// UNSAFE with unsafe strings; only use on previously-escaped ones!
function unescapeHtml(escapedStr)
{
  var div = document.createElement('div')
  div.innerHTML = escapedStr
  var child = div.childNodes[0]
  return child ? child.nodeValue : ''
}